The Senate Intelligence Committee’s proposed cybersecurity information sharing...
The Senate Intelligence Committee’s proposed cybersecurity information sharing bill is currently called the Cybersecurity Information Sharing Act, according to a discussion draft leaked to The Washington Post (http://bit.ly/1rBOGFa). Intelligence Chairwoman Dianne Feinstein, D-Calif., and committee ranking member Saxby Chambliss, R-Ga.,…
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
have been leading development of the bill. Spokesmen for both senators did not respond to requests for confirmation of the draft’s authenticity. The committee had been seeking industry comment on the bill before the leak, an industry official told us. The draft includes liability protections that would prohibit lawsuits against entities sharing cyberthreat information with “any other entity or the federal government.” Several observers told us the draft closely resembles the House-passed Cyber Intelligence Sharing and Protection Act (CISPA), albeit with an expected increase in privacy protections (CD April 23 p7). The bill would direct the Secretary of Homeland Security, Director of National Intelligence and Attorney General to develop and execute procedures that would allow the “timely sharing” of classified and declassified cyberthreat information between the federal government and “appropriate entities,” along with the public release of some declassified threat information. The bill contains several privacy protections, including requiring any shared cyberthreat information be stripped of “any information contained within such indicators that is known to be personal information of or identifying a United States person, not directly related to a cybersecurity threat.” The bill would only allow law enforcement agencies to use shared information with the written consent of entities involved, but allows for oral consent when “the need for immediate use prevents obtaining written consent.” The Privacy and Civil Liberties Oversight Board would be required to issue a report every two years assessing the privacy and civil liberties impacts of cyberinformation sharing and assess current protections. Involved federal agencies and their inspectors general would also be required to issue biennial reports on implementation of the bill. The leak of the Senate Intelligence draft, whether authorized or not, likely indicates the committee is “getting close” to formally introducing the Cybersecurity Information Sharing Act, said James Lewis, director of the Center for Strategic and International Studies’ Technology and Public Policy program. Several observers have said they're skeptical that Senate Intelligence can clear a cyberinformation sharing bill in time to get it through the full Senate and conference with the House, particularly given the fallout over controversial National Security Agency surveillance programs. The draft bill is “one of the most vanilla” cyber bills possible, and has more support from the White House than CISPA (HR-624) because of the enhanced privacy protections, Lewis said. But Senate Intelligence likely only has about five or six weeks to “see if they can get this one moved,” he said. “The issue is, starting at about the end of May, people will begin to think more about re-election and less about legislation.”